Amendments to the claims

This listing of claims replaces all prior versions and listings of claims in this application. 
What is claimed is: 

1. (Currently amended) A security architecture for a computer platform comprising at 
least one data processor and at least one memory means said architecture comprising: 

an applications layer (200) for containing a plurality of user security applications;

a layered services layer (201) for containing a plurality of security services 
protocols; 

a language interface adaptor, and tools for policy and model authoring or the like;

a common security services manager (CSSM) layer (202) underlying the layered
services layer comprising a plurality of security services management means (203 - 208),
a set of integrity services, a policy interpreter, a manager of security contexts, and a
plurality of interfaces (209 21 d) for interfacing with add-in security modules (216 - 221);
and 

an add-in security modules layer (215) capable of accepting underlying the 
common security services manager layer, configured to accept a plurality of add-in 
security modules (216 - 221) implementing a set of standard security services;

characterized in that said architecture comprises; 

a generic trust policy library423^ within the add-in security modules layer and 
supporting a set of standard trust policy Application Programming Interfaces (APIs) 
and some functions dealing with trust policy description files; 

a trust policy description file (223) containing a set of domain-specific trust
policies written in a policy description language common to said architecture; and 

a policy interpreter (221), said policy interpreter operating to interpret a set of 
policies contained in said policy description file. 

2. (Currently amended) The architecture as claimed in claim 1, characterized in 
that wherein at least one of said plurality of said management means (203 - 208) is
provided with a corresponding respective policy description file determining the 
policies with which said at least one management means operates. 

3. (Currently amended) The architecture as claimed in claim 1, characterized by further
comprising a set of policy and model authoring tools (100), allowing a user to create
said policy description file implementing a set of user specified domain-specific policies 
for controlling said computer platform. 

4. (Currently amended) The architecture as claimed in claim 1, characterized in 
that wherein said policy description language comprises a known PROLOG language. 

5. (Currently amended) The architecture as claimed in claim 1, characterized in 
that wherein said policy interpreter comprises a PROLOG inference engine.

6. (Currently amended) The architecture as claimed in claim 1, characterized in
that wherein said common security services manager layer (502) is provided with its
own policy description file (520) for implementing policies in that layer.

7. (Currently amended) The architecture as claimed in claim 1, characterized in
that wherein said applications layer (500) is provided with an applications layer policy
description file (510) for determining policies to be implemented in said applications
layer. 

8. (Currently amended) The architecture as claimed in claim 1, characterized in
that wherein said layered services layer (501) is provided with a layered services layer
policy description file (506) for determining policies followed by said layered services 
layer. 

9. (Currently amended) The architecture as claimed in claim 1, characterized in 
that wherein at least one of said plurality of add-in security modules (216, 218 - 221) is
provided with a corresponding respective policy description file determining the 
policies with which at least one add-in security module operates. 



